By now you’ve no doubt heard about the widespread outages caused nearly two weeks ago by a bug in the popular CrowdStrike security software, so I won’t attempt to rehash everything. But here are some takeaways that may have escaped your attention:
1. Everyone loves to bash Microsoft, but this time they had nothing to do with it. The crash was entirely caused by a bug in third-party software. Still, Microsoft pitched in important resources and helped develop tools to more swiftly recover machines.
2. The bug affected 8.5 million PCs worldwide. That’s approximately 1% of all Windows computers. Can you imagine the chaos caused by a truly malicious attack that takes down, say, 5-10% of all computers? Now that’s scary!
3. In order to be effective security software, CrowdStrike has to bury itself deep inside the “kernel”, or code of Windows. In essence, it has to be deeper than any malicious code can get so it can eject the virus. So when a small error in its own code went wrong, it caused a major crash of Windows.
4. Apple’s Mac kernel is written so that no third-party programs – malicious or well-intentioned – can get that deep. Interestingly, Microsoft has stated they want to do the same thing but were forced to give access to software like CrowdStrike because of European Union-imposed rules.
5. In some cases, simply rebooting the crashed computer up to 15 times fixed the problem. So we’re not crazy when we tell you to try rebooting your own computer even if you already have!
Hopefully you weren’t impacted too seriously by this event, but if you have a story to tell about how it affected you I would like to hear it.
Comments